In this method, a malicious process attaches itself to a permitted process. As you know, firewalls permit certain processes, such as Internet Explorer [IE], Firefox, Windows Update, or …. These processes can [often] connect to the Internet without any problem.

In DLL injection, a DLL is injected into an application's process space, and the process then references the malicious DLL, which makes the firewall believe that it is the application itself that is using the DLL.

Today, when we talk about injection, we are talking about a DLL that is loaded into a running process's memory. As we know, Windows is now designed for this, and injection techniques can be used by any application. Some applications use it to add features to a closed-source program [for example, Babylon Dictionary is one of them].

I do not intend to talk about these [DLL, process injection] at this time; I just want to talk about process injection [or hijacking] to bypass firewalls.
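Because the firewall decision rests on which process opens the connection, a defender has to correlate network activity with what happened inside that process. The following is an added example, not code from the original post: it flags connections made by a firewall-permitted process after a different image created a thread in it. The events are constructed and only shaped like Sysmon Event ID 8 (CreateRemoteThread) and Event ID 3 (NetworkConnect); the permitted list, paths, GUIDs and addresses are assumptions.

```python
from datetime import datetime

# Images the host firewall permits outbound (assumed rule set for this example).
PERMITTED = {r"c:\program files\internet explorer\iexplore.exe"}
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed events shaped like Sysmon Event ID 8 (CreateRemoteThread) and
# Event ID 3 (NetworkConnect); GUIDs, paths and addresses are made up.
EVENTS = [
    {"EventID": 3, "UtcTime": "2024-01-01 12:00:00", "ProcessGuid": "{g-1}",
     "Image": IE, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 8, "UtcTime": "2024-01-01 12:01:00", "TargetProcessGuid": "{g-1}",
     "SourceImage": r"C:\Users\Public\updater.exe", "TargetImage": IE},
    {"EventID": 3, "UtcTime": "2024-01-01 12:01:05", "ProcessGuid": "{g-1}",
     "Image": IE, "DestinationIp": "198.51.100.7", "DestinationPort": 8080},
    {"EventID": 3, "UtcTime": "2024-01-01 12:02:00", "ProcessGuid": "{g-2}",
     "Image": IE, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]


def when(event):
    """Parse the event timestamp so events can be replayed in order."""
    return datetime.fromisoformat(event["UtcTime"])


def tainted_connections(events, permitted=PERMITTED):
    """Return (connection, remote_thread) pairs where a permitted process
    connected out after another image had started a thread inside it."""
    tainted = {}  # process GUID -> first cross-image remote-thread event
    alerts = []
    for e in sorted(events, key=when):
        if e["EventID"] == 8:
            # Threads created between instances of the same image are ignored.
            if e["SourceImage"].lower() != e["TargetImage"].lower():
                tainted.setdefault(e["TargetProcessGuid"], e)
        elif e["EventID"] == 3 and e["Image"].lower() in permitted:
            # Keyed on the process GUID, not the PID, so PID reuse cannot match.
            origin = tainted.get(e["ProcessGuid"])
            if origin is not None:
                alerts.append((e, origin))
    return alerts


if __name__ == "__main__":
    for conn, origin in tainted_connections(EVENTS):
        print(conn["UtcTime"], conn["Image"], "->",
              f'{conn["DestinationIp"]}:{conn["DestinationPort"]}',
              "| thread created by", origin["SourceImage"])
```

Some legitimate software also creates threads in other processes, so a hit is a lead for triage rather than a verdict.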

Consider the following model:

How an application runs [by default]:

When a dynamic library [DLL] is included:

Inserting malicious code into the trusted process:

Internet Explorer [trusted software] used for injection:

The following illustration shows general code injection with the Windows API method [VirtualAllocEx(), …]